Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4295 | GEN005500 | SV-45997r2_rule | DCPP-1 ECSC-1 | High |
Description |
---|
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2015-05-27 |
Check Text ( C-43280r3_chk ) |
---|
Locate the sshd_config file: `# more /etc/ssh/sshd_config` Examine the file. If the variables 'Protocol 2,1' or 'Protocol 1' are defined on a line without a leading comment, this is a finding. |
Fix Text (F-39363r4_fix) |
---|
Edit the sshd_config file and set the "Protocol" setting to "2". Restart the SSH daemon: `# /sbin/service sshd restart` |
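
The Check Text above can be scripted as follows. This is an added example, not part of the STIG; the function name `check_ssh_protocol` and the sample file are assumptions made here. It goes slightly beyond the two literal strings in the check by flagging any uncommented `Protocol` line whose value list contains `1` (for example `1,2`), matching the keyword case-insensitively.

```shell
#!/bin/sh
# Added example: GEN005500 check over an sshd_config-style file.
# check_ssh_protocol is a hypothetical helper name, not part of the STIG.

# Prints "<line number>: <line>" for every uncommented Protocol line that
# enables SSHv1. Returns 0 = not a finding, 1 = finding, 2 = file unreadable.
check_ssh_protocol() {
    cfg=${1:-/etc/ssh/sshd_config}
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }                  # leading comment: ignore the line
        {
            line = $0
            gsub(/[="]/, " ", line)          # treat "Protocol=1" and quoted values like "Protocol 1"
            if (split(line, f, " ") < 2) next
            if (tolower(f[1]) != "protocol") next   # keyword is case-insensitive
            n = split(f[2], v, ",")
            for (i = 1; i <= n; i++)
                if (v[i] == "1") {           # SSHv1 appears in the version list
                    printf "%d: %s\n", NR, $0
                    bad = 1
                    break
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$cfg"
}

# Constructed sample input (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '#Protocol 1' 'Port 22' 'Protocol 2,1' > "$sample"
if check_ssh_protocol "$sample"; then
    echo "not a finding"
else
    echo "finding"
fi
rm -f "$sample"
```

Run it as root against `/etc/ssh/sshd_config` both before and after applying the Fix Text; a return status of 0 after the daemon restart confirms no uncommented line still enables SSHv1.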